Unable to set CORS headers for 404 & 403 error cod...

Teja · 07-22-2023 07:24 AM

Hi Team,

We have a requirement to put the cors headers at everytime even in error state as well and it is working fine whenever there is an 400, 401, 409, 500.. for all these errors but it is not working properly for 403 & 404 error codes.
And Im getting error like below

 No 'Access-Control-Allow-Origin' header is present on the requested resource.

May I know why cors headers are not adding for 403 & 404 status codes.

Here Im using AssignMessage Policy to set up cors haeders

Thanks In Advance.

dchiesa1

Can you elaborate on the difference between 400 and 403 and {the rest of the statuses} ?

When you say you are using AssignMessage to set the headers, I am assuming that you are attaching this AssignMessage somewhere in the proxy flow. Maybe in the Response postflow on the ProxyEndpoint? Did you know that in some cases, fault scenarios, the regular flow of the API proxy will be interrupted, the flow enters "fault flow", and subsequent policies attached to the normal (request or response) flow will be skipped? Could this be why you don't see the effect of the AssignMessage? Is the policy being skipped? Do you need to attach it to a fault handler?

Or is there another reason the policy is not being executed? For example if you have a proxyendpoint that checks for all of the valid pathsuffixes, and has a default flow that sends back a 404 via RaiseFault, ... then .... again it's possible the assignmessage will not be executed.

BTW, if you are using Apigee X, you can just use the CORS policy for this purpose. It's really simple. You don't need to worry about Fault handling etc.

Unable to set CORS headers for 404 & 403 error codes